Add ForceSigninVerifier.

chrome/browser/signin/chrome_signin_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/chrome_signin_client.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/profiles/profile_attributes_entry.h"
 #include "chrome/browser/profiles/profile_attributes_storage.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/profiles/profile_metrics.h"
 #include "chrome/browser/profiles/profile_window.h"
+#include "chrome/browser/signin/force_signin_verifier.h"
 #include "chrome/browser/signin/local_auth.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/signin/signin_util.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/user_manager.h"
 #include "chrome/browser/web_data_service_factory.h"
 #include "chrome/common/channel_info.h"
 #include "chrome/common/features.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/metrics/metrics_service.h"
 #include "components/prefs/pref_service.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
@@ skipping 15 matching lines @@
 #include "chrome/browser/chromeos/net/delay_network_call.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user_manager.h"
 #endif
 
 #if !defined(OS_ANDROID)
 #include "chrome/browser/first_run/first_run.h"
 #endif
 
-namespace {
-
-bool IsForceSigninEnabled() {
-  PrefService* prefs = g_browser_process->local_state();
-  return prefs && prefs->GetBoolean(prefs::kForceBrowserSignin);
-}
-
-}  // namespace
-
 ChromeSigninClient::ChromeSigninClient(
     Profile* profile,
     SigninErrorController* signin_error_controller)
     : OAuth2TokenService::Consumer("chrome_signin_client"),
       profile_(profile),
-      signin_error_controller_(signin_error_controller),
-      is_force_signin_enabled_(IsForceSigninEnabled()) {
+      signin_error_controller_(signin_error_controller) {
   signin_error_controller_->AddObserver(this);
 #if !defined(OS_CHROMEOS)
   net::NetworkChangeNotifier::AddNetworkChangeObserver(this);
 #else
   // UserManager may not exist in unit_tests.
   if (!user_manager::UserManager::IsInitialized())
     return;
 
   const user_manager::User* user =
       chromeos::ProfileHelper::Get()->GetUserByProfile(profile_);
@@ skipping 24 matching lines @@
 }
 
 void ChromeSigninClient::Shutdown() {
 #if !defined(OS_CHROMEOS)
   net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this);
 #endif
 }
 
 void ChromeSigninClient::DoFinalInit() {
   MaybeFetchSigninTokenHandle();
+  VerifySyncToken();
 }
 
 // static
 bool ChromeSigninClient::ProfileAllowsSigninCookies(Profile* profile) {
   content_settings::CookieSettings* cookie_settings =
       CookieSettingsFactory::GetForProfile(profile).get();
   return signin::SettingsAllowSigninCookies(cookie_settings);
 }
 
 PrefService* ChromeSigninClient::GetPrefs() { return profile_->GetPrefs(); }
@@ skipping 142 matching lines @@
   // Don't store password hash except when lock is available for the user.
   if (!password.empty() && profiles::IsLockAvailable(profile_))
     LocalAuth::SetLocalAuthCredentials(profile_, password);
 #endif
 }
 
 void ChromeSigninClient::PreSignOut(
     const base::Callback<void()>& sign_out,
     signin_metrics::ProfileSignout signout_source_metric) {
 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
-  if (is_force_signin_enabled_ && !profile_->IsSystemProfile() &&
+  if (signin_util::IsForceSigninEnabled() && !profile_->IsSystemProfile() &&
       !profile_->IsGuestSession() && !profile_->IsSupervised()) {
     // TODO(zmin): force window closing based on the reason of sign-out.
     // This will be updated after force window closing CL is commited.
 
     // User can't abort the window closing unless user sign out manually.
     BrowserList::CloseAllBrowsersWithProfile(
         profile_,
         base::Bind(&ChromeSigninClient::OnCloseBrowsersSuccess,
                    base::Unretained(this), sign_out, signout_source_metric),
         base::Bind(&ChromeSigninClient::OnCloseBrowsersAborted,
@@ skipping 98 matching lines @@
 #endif
 }
 
 std::unique_ptr<GaiaAuthFetcher> ChromeSigninClient::CreateGaiaAuthFetcher(
     GaiaAuthConsumer* consumer,
     const std::string& source,
     net::URLRequestContextGetter* getter) {
   return base::MakeUnique<GaiaAuthFetcher>(consumer, source, getter);
 }
 
+void ChromeSigninClient::VerifySyncToken() {
+#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
+  if (signin_util::IsForceSigninEnabled())
+    force_signin_verifier_ = base::MakeUnique<ForceSigninVerifier>(profile_);
+#endif
+}
+
 void ChromeSigninClient::MaybeFetchSigninTokenHandle() {
 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   // We get a "handle" that can be used to reference the signin token on the
   // server.  We fetch this if we don't have one so that later we can check
   // it to know if the signin token to which it is attached has been revoked
   // and thus distinguish between a password mismatch due to the password
   // being changed and the user simply mis-typing it.
   if (profiles::IsLockAvailable(profile_)) {
     ProfileAttributesStorage& storage =
         g_browser_process->profile_manager()->GetProfileAttributesStorage();
     ProfileAttributesEntry* entry;
     // If we don't have a token for detecting a password change, create one.
     if (storage.GetProfileAttributesWithPath(profile_->GetPath(), &entry) &&
         entry->GetPasswordChangeDetectionToken().empty() && !oauth_request_) {
       std::string account_id = SigninManagerFactory::GetForProfile(profile_)
           ->GetAuthenticatedAccountId();
       if (!account_id.empty()) {
         ProfileOAuth2TokenService* token_service =
             ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
         OAuth2TokenService::ScopeSet scopes;
         scopes.insert(GaiaConstants::kGoogleUserInfoEmail);
         oauth_request_ = token_service->StartRequest(account_id, scopes, this);
       }
     }
   }
 #endif
 }
 
 void ChromeSigninClient::AfterCredentialsCopied() {
-  if (is_force_signin_enabled_) {
+  if (signin_util::IsForceSigninEnabled()) {
     // The signout after credential copy won't open UserManager after all
     // browser window are closed. Because the browser window will be opened for
     // the new profile soon.
     should_display_user_manager_ = false;
   }
 }
 
 void ChromeSigninClient::OnCloseBrowsersSuccess(
     const base::Callback<void()>& sign_out,
     const signin_metrics::ProfileSignout signout_source_metric,
     const base::FilePath& profile_path) {
+#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
+  if (signin_util::IsForceSigninEnabled() && force_signin_verifier_.get())
+    force_signin_verifier_->Cancel();
+#endif
   SigninClient::PreSignOut(sign_out, signout_source_metric);
 
   LockForceSigninProfile(profile_path);
   // After sign out, lock the profile and show UserManager if necessary.
   if (should_display_user_manager_) {
     ShowUserManager(profile_path);
   } else {
     should_display_user_manager_ = true;
   }
 }
@@ skipping 14 matching lines @@
     return;
   entry->LockForceSigninProfile(true);
 }
 
 void ChromeSigninClient::ShowUserManager(const base::FilePath& profile_path) {
 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   UserManager::Show(profile_path, profiles::USER_MANAGER_NO_TUTORIAL,
                     profiles::USER_MANAGER_SELECT_PROFILE_NO_ACTION);
 #endif
 }